package com.demo.shiro.realm;


import org.apache.shiro.authc.*;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.util.ByteSource;
//认证
public class SecondRealm extends AuthenticatingRealm {
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        System.out.println("[SecondRealm] doGetAuthenticationInfo-------------------------------------");
        //1将AuthenticationToken 转换为UsernamePasswordToken
        UsernamePasswordToken tpToken= (UsernamePasswordToken) token;
        //2从UsernamePasswordToken获取username
        String username = tpToken.getUsername();
        //3从数据获取相关用户信息
        System.out.println("获取数据库用户信息："+username+"---------------------------------------------------------------------");
        //4若用户不存在抛出
        if ("aa".equals(username)){
            throw new UnknownAccountException("用户不存在:"+username+"---------------------------------------------------------------------");
        }
        if ("bb".equals(username)){
            throw  new LockedAccountException("用户已被锁住："+username+"---------------------------------------------------------------------");
        }
        //5根据用户的情况，来构建AuthenticationInfo对象并返回，通常实现类为SimpleAuthenticationInfo
        //（1）principal认证的实体信息，可以使username也可以是实体类
        Object principal=username;
        //（2）credentials 密码
        Object credentials=null;//123456  fc1709d0a95a6be30bc5926fdb7f22f4
        if ("admin".equals(username)){
            credentials="ce2f6417c7e1d32c1d81a797ee0b499f87c5de06";
        }else if ("user".equals(username)){
            credentials="073d4c3ae812935f23cb3f2a71943f49e082a718";
        }
        //（3）realmName 当前realm对象的name 调用父类的getName()
        String realmName=getName();
        //new SimpleAuthenticationInfo( principal,  credentials,  realmName);
        SimpleAuthenticationInfo info = null;
        //（4）MD5盐值加密 区分添加用户名，区分相同的密码 更加安全 一般使用唯一
        ByteSource credentialsSalt=ByteSource.Util.bytes(username);
        info=new SimpleAuthenticationInfo( principal,  credentials,  credentialsSalt,  realmName);
        /**
         *  public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
         *         Object tokenHashedCredentials = this.hashProvidedCredentials(token, info);
         *         Object accountCredentials = this.getCredentials(info);
         *         return this.equals(tokenHashedCredentials, accountCredentials);
         *     }
         */
        return info;
    }

    public static void main(String[] args) {

        String hashAlgorithmName="SHA1";
        Object credentials="123456";
        //salt md5盐值加密
        Object salt=ByteSource.Util.bytes("admin");
        int hashIterations=1024;
        SimpleHash simpleHash = new SimpleHash(hashAlgorithmName, credentials, salt, hashIterations);
        //fc1709d0a95a6be30bc5926fdb7f22f4
        System.out.println(simpleHash);
    }
}
